CVE-2025-26939

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Feb 25, 2025

CWE ID 79

Summary

CVE-2025-26939 is a Cross-Site Scripting (XSS) vulnerability affecting the Counters Block plugin for bPlugins. The flaw, which allows stored XSS attacks, stems from improper input neutralization during web page generation. This issue potentially puts users of Counters Block versions 1.1.2 and below at risk. Attackers can exploit the vulnerability to inject malicious scripts into a targeted website, leading to unauthorized data access or manipulation. Users are advised to update to the latest version of the plugin to mitigate the risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/3cuOCH
https://www.cve.org/CVERecord?id=CVE-2025-26939
https://nvd.nist.gov/vuln/detail/CVE-2025-26939

Back to Vulnerability Database

CVE-2025-26939

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations